VPS firewall

Discussion in 'VPS Talk' started by ChatIndia, Aug 29, 2013.

  1. ChatIndia

    ChatIndia Community Advocate Community Support

    Do you know how to install a firewall on Ubuntu 13.04 Server and configure it to block outgoing connections for certain applications?
     
  2. lysharia

    lysharia New Member

    That depends on whether or not you're using a control panel within the server itself.

    We'd need to know more in order to be able to help you.
     
  3. pornophobic

    pornophobic Member

    You won't find an answer to your question, sadly. That's just because there aren't many solutions to what you're looking for because there aren't many reasons to have it on Linux.
    There are some options that I can think of:

    1. Uninstall the application that is connecting to the internet when you don't want it to.
    2. If you know the hostname(s) this application is trying to connect to, enter those hostnames as 127.0.0.1 in your /etc/hosts.
    3. Enable SELinux and change the policy for the said application(s).
    4. Use iptables to block connections on the protocol it is using (not a good idea if it is HTTP or any other needed protocol) in a rule based on the user running the process. OR use netstat to find the IPs your unwanted connections are going to and block any outgoing connections to those IPs.
    5. Grab the source for the 'offending' software and patch it.
    6. As lysharia mentioned, if you are using a control panel there may be some settings to do that sort of thing. I don't know of any control panels that do this, but it is possible.
    7. Disconnect from the internet altogether.

    But you won't have much luck in finding many people who know how to install any firewalls with application based rules because there really aren't any.
     
  4. Dead-i

    Dead-i x10Hosting Support Ninja Community Support

    You could install CSF, as I think it's compatible with Ubuntu Server:
    http://configserver.com/cp/csf.html

    Once installed, in the configuration you can define which ports you want to whitelist.
     
  5. Skizzerz

    Skizzerz Contributors Staff Member Contributors

    If the applications are running under their own users, you can direct outgoing packets from those uids to their own iptables chains where you can then apply different rulesets from your main OUTPUT chain.

    For example, let's say you want to restrict www-data (which Apache runs as) and postfix:
    Code:
    (you'll need to either prefix all of these with "sudo" or run as root)
    iptables -N APACHE
    iptables -N POSTFIX
    iptables -A OUTPUT -m owner --uid-owner www-data -j APACHE
    iptables -A OUTPUT -m owner --uid-owner postfix -j POSTFIX
    # allow apache to connect outbound on ports 80 (tcp), 443 (tcp), and 53 (udp) but no others
    iptables -A APACHE -p tcp --dport 80 -j ACCEPT
    iptables -A APACHE -p tcp --dport 443 -j ACCEPT
    iptables -A APACHE -p udp --dport 53 -j ACCEPT
    iptables -A APACHE -j DROP
    # allow postfix to connect out on 25 (tcp)
    iptables -A POSTFIX -p tcp --dport 25 -j ACCEPT
    iptables -A POSTFIX -j DROP
    
     
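    The following script is an added example, not the commands from the post above. It generates the same kind of per-user outbound chains (one chain per uid, selected with the iptables owner match), but makes them safe to re-run, adds a conntrack ACCEPT so a daemon's replies to inbound clients are not caught by the final DROP (Apache answering a browser generates www-data packets whose destination port is the client's ephemeral port, not 80 or 443), and logs rejected attempts before dropping them so blocked connections show up in the kernel log. The user names, chain names and port lists are assumptions; nothing is executed unless you explicitly pipe the output to sh as root.

```shell
#!/bin/sh
# Added example (not the post's own commands): per-user outbound chains
# built on the iptables owner match. The users, chain names and allowed
# ports below are assumptions chosen to mirror the post above.

# per_user_chain CHAIN USER "tcp:80 tcp:443 udp:53"
# Prints the iptables commands for one user; it does not run them.
per_user_chain() {
    chain=$1
    user=$2
    allowed=$3
    # create the chain, or flush it if it already exists, so re-running
    # the script does not append a second copy of every rule
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$chain" "$chain"
    # packets belonging to connections that already exist (replies to
    # inbound clients, DNS answers) are not new outbound connections
    printf 'iptables -A %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' "$chain"
    # one ACCEPT per allowed proto:port pair
    for spec in $allowed; do
        proto=${spec%%:*}
        port=${spec#*:}
        printf 'iptables -A %s -p %s --dport %s -j ACCEPT\n' "$chain" "$proto" "$port"
    done
    # rate-limited LOG before the DROP so blocked attempts appear in
    # dmesg / kern.log with a searchable prefix
    printf 'iptables -A %s -m limit --limit 5/min -j LOG --log-prefix "%s-DROP: "\n' "$chain" "$chain"
    printf 'iptables -A %s -j DROP\n' "$chain"
    # hook the user's locally generated packets into the chain; -C checks
    # whether the jump already exists so it is only appended once
    printf 'iptables -C OUTPUT -m owner --uid-owner %s -j %s 2>/dev/null || iptables -A OUTPUT -m owner --uid-owner %s -j %s\n' \
        "$user" "$chain" "$user" "$chain"
}

# gen_rules prints the full rule set for the assumed users.
gen_rules() {
    per_user_chain APACHE  www-data "tcp:80 tcp:443 udp:53"
    per_user_chain POSTFIX postfix  "tcp:25"
}

# Default: print the commands for review. APPLY=1 applies them (run as root).
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Run it once without APPLY to review the generated commands, then `sudo env APPLY=1 sh ./outbound-chains.sh` to apply them. Afterwards `iptables -L APACHE -n -v` shows per-rule packet counters, and `grep APACHE-DROP /var/log/kern.log` lists the destinations the service tried to reach and was refused, which is the quickest way to confirm the policy is doing what you intended before leaving it in place.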
  6. interne3

    interne3 Member

    Although I am not a VPS user, I have managed a site before on my own Ubuntu Server and used the Shorewall firewall. I need to do that again sometime.

    "sudo aptitude install shorewall"
     